Angel ReminderHome › Privacy
Privacy Policy
1. Controller
DigitalMove Consultants GmbH
Bösch 23
CH-6331 Hünenberg
Switzerland
E-Mail: [email protected]
2. Overview of Processing Activities
a) Account creation (free of charge)
During registration we collect:
- E-mail address (access and communication)
- Name (personal salutation)
- Password (stored as a hash, never in plain text)
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
b) Heartbeat system (premium feature)
Premium users configure a heartbeat interval. We store:
- Heartbeat interval and last confirmation
- Next scheduled heartbeat time
Purpose: Detecting whether the user is still reachable and triggering stored messages in a timely manner.
c) Stored messages and recipients
Users store:
- Messages (text, subject)
- Recipient contacts (name, e-mail address, phone number)
Legal basis: Art. 6(1)(b) GDPR (performance of a contract).
d) Payment processing (Stripe)
For premium subscriptions (10 EUR/year) we use Stripe, Inc. (San Francisco, USA). Stripe processes payment data under its own responsibility. We receive from Stripe only:
- Stripe customer ID
- Stripe subscription ID
- Subscription status and period
Credit card details, bank details, or any other payment information are never stored on our servers.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in payment processing).
Recipient: Stripe, Inc. — Stripe's Privacy Policy.
e) Organ donor status (/donor/)
Users may voluntarily store their organ donor status with a 6-digit public key. This information is publicly accessible via /donor/<code>.
Legal basis: Art. 6(1)(a) GDPR (consent).
f) Server log data
When the website is accessed, the server automatically stores:
- IP address (retained for a limited period for abuse prevention)
- Date and time of the request
- Requested URL and HTTP status code
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring operation and security).
Retention: IP addresses are automatically deleted after 30 days.
g) E-mail communication
We send e-mails for:
- Heartbeat reminders (premium users only)
- Password reset
- Dispatch of messages to recipients (in the event of death)
Legal basis: Art. 6(1)(b) and (f) GDPR.
3. Disclosure to Third Parties
Personal data is disclosed to third parties only:
- to Stripe for payment processing (see section 2d)
- to recipients of stored messages (only in the event of death, pursuant to the user's instruction)
- where required by law or to prevent abuse
4. Retention Periods
| Data category | Retention |
|---|---|
| Account data (e-mail, name) | Until account deletion |
| Password hash | Until account deletion |
| Messages and recipients | Until account deletion or dispatch |
| Stripe subscription data | Until 2 years after contract end |
| IP addresses | 30 days |
| Deleted accounts (soft-delete) | Marked as inactive; data physically deleted after 90 days |
5. Your Rights
Under the GDPR you have the right to:
- Right of access (Art. 15 GDPR) — what data we hold about you
- Right to rectification (Art. 16 GDPR) — correction of inaccurate data
- Right to erasure (Art. 17 GDPR) — deletion of your account and all data
- Right to restriction of processing (Art. 18 GDPR) — temporary suspension of processing
- Right to data portability (Art. 20 GDPR) — receive your data in a machine-readable format
- Right to object (Art. 21 GDPR) — object to processing
- Right to withdraw consent (Art. 7(3) GDPR) — withdrawal is possible at any time
Please direct requests to: [email protected]
6. Security
- All connections are encrypted via HTTPS
- Passwords are hashed using bcrypt
- No external CDNs, fonts, or tracking scripts (GDPR-compliant)
- Server location: Germany
7. Cookies
We do not use tracking cookies. A technical session cookie may be used for the login process. No data is shared with third parties.
8. Changes
We reserve the right to update this Privacy Policy. The most current version is always available at this URL.